And should be used for spam activity as we can see also from the detection name of AVG:Trojan horse SpamBot.G

And now lets do a little analysis:

This rootkit variants seem pretty nasty, there aren’t SSDT / ShadowSSDT Hooks detected, if you use certain Anti-Rootkit software you’ll get a BSOD, rootkit driver is started also in Safe Mode Normal / Network Support, you cannot modify/change/delete any registry key that is related to the rootkit drivers, you cannot modify/change/delete the 2 files with extension .SYS that were created !!! The drivers seem to install hooks not only in Ntfs.sys and Fastfat.sys, but (if I am not wrong) also in:
-FltMgr.sys
-mrxdav.sys
-mrxsmb.sys
-Msfs.sys
-Mup.sys
-Npsf.sys
-Netbios.sys
-rdbss.sys
-sr.sys
-srv.sys

Also if you boot Windows in Safe Mode (at least in my case) the second driver named tcpsr.sys will be automatic deleted !

Apparently this rootkit seems to be the boss of the OS : )

Now lets see some images:

Suspicious drivers modifications/hooks:

No SSDT hooks detected

Stealth code detected

Visible processes

Kernel Modifications (here I used Kernel Detective by GamingMasteR of at4re)

registry startup keys

Below there is some (different from the other analysis) Internet Traffic that we received with the malware: